HQ - GRC Lead

What you will do

• Own and lead the company’s GRC strategy across SOX, ISO 27001, and GDPR
• Design, implement, and maintain SOX control frameworks, including documentation, testing, and audit readiness
• Build and manage the Information Security Management System (ISMS) aligned with ISO 27001
• Ensure GDPR compliance across all data processing activities, including data mapping, DPIAs, and privacy controls
• Lead internal and external audits, acting as the primary point of contact for auditors
• Identify compliance gaps and drive remediation plans with technical and non-technical teams
• Develop governance policies, procedures, and risk management frameworks
• Partner closely with Engineering and Security teams to embed controls into systems and SDLC processes
• Monitor regulatory and compliance changes and translate them into actionable requirements

Requirements

• 8+ years of experience in GRC, Risk, Compliance, or IT Audit roles
• Strong hands-on experience with SOX compliance programs (design, testing, audit coordination)
• Solid knowledge of ISO 27001 and experience managing or supporting ISMS implementation
• Practical experience with GDPR in a product or corporate environment
• Experience working with internal and external auditors
• Strong stakeholder management and communication skills across technical and non-technical teams
• Ability to translate regulatory requirements into scalable business processes
• Fluent English

Nice to have

• Experience in SaaS or product-led companies
• Experience in Big 4 (Deloitte, EY, PwC, KPMG) or similar audit environments
• Familiarity with cloud environments (AWS, GCP, Azure)
• Security certifications (CISA, CISM, ISO 27001 Lead Implementer/Auditor)